The present application relates generally to an improved data processing apparatus and method and more specifically to mechanisms for enforcing machine deployment zoning rules in an automatic provisioning environment.
In some computing environments, an administrator may organize machines into zones, that is, collections of machines, for various reasons. In an environment concerned about security, for example, there might be three different computer zones—red, yellow, and green—where the red zone allows the most secure machines and the green zone allows machines with fewer restrictions. On a global level, an administrator may zone machines by geography to enforce local rules, such as encryption regulations. The problem with managing machines over a collection of zones is that it is difficult to ensure that the machines in each zone follow the rules required by that zone. Failure to follow the rules of the zone could lead to legal or security consequences that could jeopardize a business.
The current solution to the zoning problem is a combination of human trust, process rules, and software verification throughout the process. Specifically, a human would know the rules of the zone and design a system to follow the rules. An administrator may follow a process such as peer review to ensure that the design meets the requirements of the zone. After creating the machine, the administrator may use software to attempt verification that the machine meets the requirements of the zone. The administrator may schedule the software, which attempts to ensure that a machine meets the zone requirements, to run a check every hour or day, for example, and report failures if a rule is violated. A variety of human processes and software exist to try to ensure that a machine meets the zone requirements, but each solution has drawbacks.
The problem with human reviews of possible changes to a machine in a zone is two-fold. First, a second human, the reviewer, is needed, slowing down the rate at which changes can be implemented. Second, the author of the machine specification relies upon the reviewer not to make mistakes. If both the original author of a change and the reviewer forget about a security rule or choose not to enforce a rule, then the value of the review is compromised.
A process for implementing changes is a slight variation on a classic review, where the process of making a change to a machine is a little more formal. Perhaps more people with different backgrounds all have a chance to review the change, or perhaps someone tests the change in a staging environment first. The problems with a process for implementing changes are similar: a slow rate of change and possible human error.
After a machine is deployed into a zone, one may use automated software to assert that the rules are followed by the machine. For example, one may run a port scan daily to ensure that no ports are open, or scan installed software packages for known security problems. When a problem is found, the software may send a report to an administrator or take some other automated action. The main problem with this approach is that a change can be “live” for some period of time before the software verification catches the rule violation.
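As an added illustration (not code from the application), the following Python sketch evaluates a machine specification against the rules of its target security zone and geographic region before provisioning, so a violation is rejected up front instead of being live until a scheduled scan catches it. The zone names, rules, package names and sample specification are all constructed for the example.

```python
# Constructed example: pre-provisioning enforcement of zone rules.
# Every zone, region, rule and package name here is hypothetical.

# Constructed list of packages with known security problems.
KNOWN_VULNERABLE = {"legacy-ssl-1.0", "oldftpd"}

# Each rule takes a machine specification and returns a list of violations.
def no_open_ports(spec):
    return [f"port {p} is open" for p in sorted(spec["open_ports"])]

def only_ports(allowed):
    def check(spec):
        return [f"port {p} not allowed" for p in sorted(spec["open_ports"] - allowed)]
    return check

def disk_encryption_required(spec):
    return [] if spec["disk_encryption"] else ["disk encryption is not enabled"]

def no_vulnerable_packages(spec):
    bad = sorted(spec["packages"] & KNOWN_VULNERABLE)
    return [f"package {p} has known security problems" for p in bad]

def cipher_allowed(allowed):
    def check(spec):
        return [] if spec["cipher"] in allowed else [f"cipher {spec['cipher']} not permitted in this region"]
    return check

# Security zones: red is the most restrictive, green the least.
ZONE_RULES = {
    "red": [no_open_ports, disk_encryption_required, no_vulnerable_packages],
    "yellow": [only_ports({22, 443}), disk_encryption_required, no_vulnerable_packages],
    "green": [no_vulnerable_packages],
}

# Geographic zones layered on top, modelling local encryption regulations.
REGION_RULES = {
    "eu-west": [cipher_allowed({"AES-256-GCM", "ChaCha20-Poly1305"})],
    "restricted-export": [cipher_allowed({"AES-128-GCM"})],
}

def evaluate(spec):
    """Return all rule violations; an empty list means the machine may be provisioned."""
    rules = ZONE_RULES[spec["zone"]] + REGION_RULES.get(spec["region"], [])
    violations = []
    for rule in rules:
        violations.extend(rule(spec))
    return violations

def can_provision(spec):
    return not evaluate(spec)
```

A provisioning system would call `can_provision` on the machine specification and refuse to create the machine while `evaluate` reports anything, rather than discovering the violation hours later from a scheduled scan.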